Full Version: Do I Still Have Something?
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive HijackThis Logs
jayandjuls
My computer became slow again, even though I thought I had everything resolved. I have run Ad-Aware and AVG in safe mode and it came up with nothing. Here is my log.

Logfile of HijackThis v1.99.1
Scan saved at 10:11:07 AM, on 4/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176181228015
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

Please help again. Thank you
LS CalamityJane
Hi jayandjuls,

How many users on this system? Was this log run under a different user account than your other thread here?
http://www.lavasoftsupport.com/index.php?showtopic=8167

I only noticed a couple of orphaned BHOs (Browser Helper Objects) that weren't there at all before. We'll take care of those in a later step as they are quite harmless at the moment and there may be some other things hiding that need more attention first.

One of the nasties you had there was Vundo which can be very sneaky and hide from HijackThis and other programs. One thing that will help is to rename the HijackThis.exe file.

Go to this file in the HJT folder you created:
C:\HJT\HijackThis.exe <---rightclick on this file and choose *rename* from the menu that drops down.

Rename the file to: HJT.exe

Then close that out and we'll run it later.
...........................
Then, Run this free tool please:
Please download
VundoFix.exe
to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, if any Vundo files are found, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HijackThis log.

..................................
And then one other free tool please that will give some more information:

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.


1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe

2. Double click on combofix.exe & follow the prompts.

Do NOT click on the window while the fix is running, because that will cause your system to hang and the fix to stall.

3. When finished, it shall produce a log for you. Post that log in your next reply.
....................
Logs needed in your next reply are:

a. C:\vundofix.txt

b. Fresh HijackThis log using the newly renamed HJT.exe

c. C:\ComboFix.txt
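As an added example (not part of this thread, and not a Lavasoft or HijackThis tool), here is a small Python helper that does what the reply above does by hand: it pulls the entry lines out of a HijackThis v1.99.1 log, lists the orphaned BHOs (O2 entries whose DLL shows as "(no file)"), and diffs a before/after pair of logs so a fix can be confirmed. The two sample logs are constructed from the entry shapes seen in this thread, and the regexes assume the v1.99.1 line format shown here.

```python
"""Triage helper for HijackThis v1.99.1 logs (added example, not a Lavasoft or HJT tool)."""
import re

# Every R*/O* entry has the shape "CODE - body", e.g. "O2 - BHO: <name> - {CLSID} - <dll path>".
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")


def parse_hjt(log_text):
    """Return (running_processes, entries) from a log; entries are (code, body) tuples in log order."""
    processes, entries = [], []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True  # the process list runs until the first blank line
            continue
        if in_processes:
            if line:
                processes.append(line)
            else:
                in_processes = False
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("code"), m.group("body")))
    return processes, entries


def orphaned_bhos(entries):
    """CLSIDs of O2 BHO entries whose DLL is gone ("(no file)").

    These are registry leftovers: nothing loads any more, but they mark where a
    Browser Helper Object used to live, which is why a helper notes them before
    they are cleaned up.
    """
    found = []
    for code, body in entries:
        if code != "O2":
            continue
        m = BHO_RE.match(body)
        if m and m.group("path").strip() == "(no file)":
            found.append(m.group("clsid"))
    return found


def diff_logs(before_text, after_text):
    """Compare two logs from the same machine to confirm a fix took (or that something came back)."""
    p1, e1 = parse_hjt(before_text)
    p2, e2 = parse_hjt(after_text)
    s1, s2 = set(e1), set(e2)
    return {
        "removed": [e for e in e1 if e not in s2],
        "added": [e for e in e2 if e not in s1],
        "processes_gone": sorted(set(p1) - set(p2)),
        "processes_new": sorted(set(p2) - set(p1)),
    }


# Constructed sample logs, trimmed to the entry shapes seen in this thread.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\HJT\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
"""

if __name__ == "__main__":
    _, before_entries = parse_hjt(LOG_BEFORE)
    print("orphaned BHOs:", orphaned_bhos(before_entries))
    for key, value in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        print(f"{key}: {value}")
```

Run against the two real logs in this thread, the diff shows the renamed HJT.exe replacing HijackThis.exe in the process list and the HKCU search-page entries that dropped out between scans, while both orphaned BHOs are still present.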
jayandjuls
Thank you Miss Jane for your help. I saw my other discussion had been closed, I did not know that I could post to it. I am the only user for my system, however I do try to do things on my own. I do not want to take up too much of Lavasoft people's time. I really appreciate everything that you do for me and I realize you have so many people to help.
I did do a VundoFix however it did not find anything. Here is my HJT log and my ComboFix log.

ComboFix


"Owner" - 07-04-11 1:16:20 Service Pack 2
ComboFix 07-04-05 - Running from: "C:\Documents and Settings\Owner\Desktop"


((((((((((((((((((((((((((((((( Files Created from 2007-03-11 to 2007-04-11 ))))))))))))))))))))))))))))))))))


2007-04-10 22:52 <DIR> d-------- C:\WINDOWS\LastGood
2007-04-10 12:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-04-10 12:20 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\RipIt4Me
2007-04-10 10:57 <DIR> d-------- C:\VundoFix Backups
2007-04-10 10:46 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-04-10 03:59 <DIR> d-------- C:\WINDOWS\Prefetch
2007-04-10 03:46 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2007-04-10 03:46 9,216 --------- C:\WINDOWS\system32\proxycfg.exe
2007-04-10 03:46 88,064 --------- C:\WINDOWS\system32\p2pnetsh.dll
2007-04-10 03:46 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
2007-04-10 03:46 86,016 --------- C:\WINDOWS\system32\p2pgasvc.dll
2007-04-10 03:46 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
2007-04-10 03:46 81,920 --------- C:\WINDOWS\system32\ieencode.dll
2007-04-10 03:46 81,408 --------- C:\WINDOWS\system32\wscsvc.dll
2007-04-10 03:46 8,192 --------- C:\WINDOWS\system32\smbinst.exe
2007-04-10 03:46 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2007-04-10 03:46 75,776 --------- C:\WINDOWS\system32\strmfilt.dll
2007-04-10 03:46 73,832 --------- C:\WINDOWS\system32\slcoinst.dll
2007-04-10 03:46 73,796 --------- C:\WINDOWS\system32\slserv.exe
2007-04-10 03:46 73,216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2007-04-10 03:46 71,680 --------- C:\WINDOWS\system32\blastcln.exe
2007-04-10 03:46 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-04-10 03:46 7,680 --------- C:\WINDOWS\system32\kbdsmsno.dll
2007-04-10 03:46 7,680 --------- C:\WINDOWS\system32\kbdsmsfi.dll
2007-04-10 03:46 7,168 --------- C:\WINDOWS\system32\kbdukx.dll
2007-04-10 03:46 7,168 --------- C:\WINDOWS\system32\kbdno1.dll
2007-04-10 03:46 7,168 --------- C:\WINDOWS\system32\kbdfi1.dll
2007-04-10 03:46 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2007-04-10 03:46 67,584 --------- C:\WINDOWS\system32\drivers\sdbus.sys
2007-04-10 03:46 63,663 --------- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2007-04-10 03:46 63,488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2007-04-10 03:46 60,416 --------- C:\WINDOWS\system32\fwcfg.dll
2007-04-10 03:46 6,656 --------- C:\WINDOWS\system32\kbdinmal.dll
2007-04-10 03:46 6,656 --------- C:\WINDOWS\system32\kbdinben.dll
2007-04-10 03:46 6,144 --------- C:\WINDOWS\system32\kbdmlt48.dll
2007-04-10 03:46 6,144 --------- C:\WINDOWS\system32\kbdmlt47.dll
2007-04-10 03:46 6,144 --------- C:\WINDOWS\system32\kbdinbe1.dll
2007-04-10 03:46 6,016 --------- C:\WINDOWS\system32\drivers\smbali.sys
2007-04-10 03:46 59,648 --------- C:\WINDOWS\system32\drivers\rfcomm.sys
2007-04-10 03:46 59,392 --------- C:\WINDOWS\system32\logman.exe
2007-04-10 03:46 57,856 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2007-04-10 03:46 56,623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys
2007-04-10 03:46 526,848 --------- C:\WINDOWS\system32\p2psvc.dll
2007-04-10 03:46 52,224 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2007-04-10 03:46 516,768 --------- C:\WINDOWS\system32\ativvaxx.dll
2007-04-10 03:46 50,688 --------- C:\WINDOWS\system32\btpanui.dll
2007-04-10 03:46 50,176 --------- C:\WINDOWS\system32\xmlprovi.dll
2007-04-10 03:46 5,632 --------- C:\WINDOWS\system32\kbdmaori.dll
2007-04-10 03:46 49,152 --------- C:\WINDOWS\system32\powercfg.exe
2007-04-10 03:46 48,640 --------- C:\WINDOWS\system32\pnrpnsp.dll
2007-04-10 03:46 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys
2007-04-10 03:46 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys
2007-04-10 03:46 44,928 --------- C:\WINDOWS\system32\drivers\agpcpq.sys
2007-04-10 03:46 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys
2007-04-10 03:46 44,032 --------- C:\WINDOWS\system32\twext.dll
2007-04-10 03:46 43,008 --------- C:\WINDOWS\system32\drivers\amdagp.sys
2007-04-10 03:46 42,752 --------- C:\WINDOWS\system32\drivers\alim1541.sys
2007-04-10 03:46 42,368 --------- C:\WINDOWS\system32\drivers\agp440.sys
2007-04-10 03:46 42,240 --------- C:\WINDOWS\system32\drivers\viaagp.sys
2007-04-10 03:46 41,088 --------- C:\WINDOWS\system32\drivers\sisagp.sys
2007-04-10 03:46 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2007-04-10 03:46 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2007-04-10 03:46 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
2007-04-10 03:46 397,056 --------- C:\WINDOWS\system32\s3gnb.dll
2007-04-10 03:46 38,016 --------- C:\WINDOWS\system32\drivers\bthmodem.sys
2007-04-10 03:46 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2007-04-10 03:46 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2007-04-10 03:46 36,096 --------- C:\WINDOWS\system32\drivers\intelppm.sys
2007-04-10 03:46 35,456 --------- C:\WINDOWS\system32\drivers\bthprint.sys
2007-04-10 03:46 34,735 --------- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2007-04-10 03:46 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2007-04-10 03:46 32,866 --------- C:\WINDOWS\system32\slrundll.exe
2007-04-10 03:46 32,866 --------- C:\WINDOWS\slrundll.exe
2007-04-10 03:46 32,768 --------- C:\WINDOWS\system32\ativtmxx.dll
2007-04-10 03:46 32,285 --------- C:\WINDOWS\system32\hsfcisp2.dll
2007-04-10 03:46 312,320 --------- C:\WINDOWS\system32\p2pgraph.dll
2007-04-10 03:46 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2007-04-10 03:46 30,671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys
2007-04-10 03:46 30,208 --------- C:\WINDOWS\system32\bthserv.dll
2007-04-10 03:46 30,080 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-04-10 03:46 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
2007-04-10 03:46 3,901 --------- C:\WINDOWS\system32\drivers\siint5.dll
2007-04-10 03:46 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2007-04-10 03:46 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
2007-04-10 03:46 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
2007-04-10 03:46 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
2007-04-10 03:46 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
2007-04-10 03:46 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2007-04-10 03:46 29,184 --------- C:\WINDOWS\system32\sdhcinst.dll
2007-04-10 03:46 29,056 --------- C:\WINDOWS\system32\drivers\ip6fw.sys
2007-04-10 03:46 286,792 --------- C:\WINDOWS\system32\slextspk.dll
2007-04-10 03:46 28,672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2007-04-10 03:46 274,304 --------- C:\WINDOWS\system32\drivers\bthport.sys
2007-04-10 03:46 262,784 --------- C:\WINDOWS\system32\drivers\http.sys
2007-04-10 03:46 26,367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys
2007-04-10 03:46 25,600 --------- C:\WINDOWS\system32\drivers\hidbth.sys
2007-04-10 03:46 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2007-04-10 03:46 25,471 --------- C:\WINDOWS\system32\drivers\atv04nt5.dll
2007-04-10 03:46 24,576 --------- C:\WINDOWS\system32\httpapi.dll
2007-04-10 03:46 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2007-04-10 03:46 229,376 --------- C:\WINDOWS\system32\ati2cqag.dll
2007-04-10 03:46 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2007-04-10 03:46 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2007-04-10 03:46 21,343 --------- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2007-04-10 03:46 21,183 --------- C:\WINDOWS\system32\drivers\atv01nt5.dll
2007-04-10 03:46 201,728 --------- C:\WINDOWS\system32\ati2dvag.dll
2007-04-10 03:46 20,992 --------- C:\WINDOWS\system32\bthci.dll
2007-04-10 03:46 193,024 --------- C:\WINDOWS\system32\fsquirt.exe
2007-04-10 03:46 188,508 --------- C:\WINDOWS\system32\slgen.dll
2007-04-10 03:46 180,360 --------- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2007-04-10 03:46 18,944 --------- C:\WINDOWS\system32\drivers\bthusb.sys
2007-04-10 03:46 17,408 --------- C:\WINDOWS\system32\winshfhc.dll
2007-04-10 03:46 17,279 --------- C:\WINDOWS\system32\drivers\atv10nt5.dll
2007-04-10 03:46 17,024 --------- C:\WINDOWS\system32\drivers\bthenum.sys
2007-04-10 03:46 166,912 --------- C:\WINDOWS\system32\drivers\s3gnbm.sys
2007-04-10 03:46 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-04-10 03:46 15,872 --------- C:\WINDOWS\system32\w3ssl.dll
2007-04-10 03:46 15,488 --------- C:\WINDOWS\system32\drivers\mssmbios.sys
2007-04-10 03:46 15,423 --------- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2007-04-10 03:46 15,104 --------- C:\WINDOWS\system32\drivers\hidir.sys
2007-04-10 03:46 14,336 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2007-04-10 03:46 14,336 --------- C:\WINDOWS\system32\auditusr.exe
2007-04-10 03:46 14,143 --------- C:\WINDOWS\system32\drivers\atv06nt5.dll
2007-04-10 03:46 13,824 --------- C:\WINDOWS\system32\wscntfy.exe
2007-04-10 03:46 13,824 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2007-04-10 03:46 13,824 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2007-04-10 03:46 13,824 --------- C:\WINDOWS\system32\cmsetacl.dll
2007-04-10 03:46 13,776 --------- C:\WINDOWS\system32\drivers\recagent.sys
2007-04-10 03:46 13,568 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2007-04-10 03:46 13,240 --------- C:\WINDOWS\system32\drivers\slwdmsup.sys
2007-04-10 03:46 129,536 --------- C:\WINDOWS\system32\xmlprov.dll
2007-04-10 03:46 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys
2007-04-10 03:46 128,896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2007-04-10 03:46 126,686 --------- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2007-04-10 03:46 12,672 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-04-10 03:46 12,672 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2007-04-10 03:46 12,047 --------- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2007-04-10 03:46 118,784 --------- C:\WINDOWS\system32\msdadiag.dll
2007-04-10 03:46 116,224 --------- C:\WINDOWS\system32\p2p.dll
2007-04-10 03:46 11,935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys
2007-04-10 03:46 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys
2007-04-10 03:46 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2007-04-10 03:46 11,807 --------- C:\WINDOWS\system32\drivers\wadv07nt.sys
2007-04-10 03:46 11,615 --------- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2007-04-10 03:46 11,359 --------- C:\WINDOWS\system32\drivers\atv02nt5.dll
2007-04-10 03:46 11,325 --------- C:\WINDOWS\system32\drivers\vchnt5.dll
2007-04-10 03:46 11,295 --------- C:\WINDOWS\system32\drivers\wadv08nt.sys
2007-04-10 03:46 11,136 --------- C:\WINDOWS\system32\drivers\sffdisk.sys
2007-04-10 03:46 108,032 --------- C:\WINDOWS\system32\wshbth.dll
2007-04-10 03:46 104,960 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2007-04-10 03:46 100,992 --------- C:\WINDOWS\system32\drivers\bthpan.sys
2007-04-10 03:46 10,240 --------- C:\WINDOWS\system32\drivers\sffp_sd.sys
2007-04-10 03:46 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-04-10 03:46 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2007-04-10 03:46 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2007-04-10 03:46 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys
2007-04-10 03:46 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2007-04-10 03:46 <DIR> d-------- C:\WINDOWS\provisioning
2007-04-10 03:46 <DIR> d-------- C:\WINDOWS\peernet
2007-04-10 03:44 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-04-10 03:38 <DIR> d-------- C:\WINDOWS\EHome
2007-04-10 02:27 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-04-10 01:20 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\AdobeUM
2007-04-10 01:15 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-04-10 01:15 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Adobe
2007-04-10 00:57 159,744 --a------ C:\WINDOWS\system32\igfxres.dll
2007-04-10 00:26 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-04-10 00:26 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-04-10 00:21 552,989 --a------ C:\WINDOWS\system32\msrepl40.dll
2007-04-10 00:21 512,029 --a------ C:\WINDOWS\system32\msexch40.dll
2007-04-10 00:21 380,957 --a------ C:\WINDOWS\system32\expsrv.dll
2007-04-10 00:21 358,976 --a------ C:\WINDOWS\system32\msjetoledb40.dll
2007-04-10 00:21 348,189 --a------ C:\WINDOWS\system32\msxbde40.dll
2007-04-10 00:21 348,189 --a------ C:\WINDOWS\system32\mspbde40.dll
2007-04-10 00:21 319,517 --a------ C:\WINDOWS\system32\msexcl40.dll
2007-04-10 00:21 30,749 --a------ C:\WINDOWS\system32\vbajet32.dll
2007-04-10 00:21 258,077 --a------ C:\WINDOWS\system32\mstext40.dll
2007-04-10 00:21 241,693 --a------ C:\WINDOWS\system32\msjtes40.dll
2007-04-10 00:21 151,583 --a------ C:\WINDOWS\system32\msjint40.dll
2007-04-10 00:21 1,507,356 --a------ C:\WINDOWS\system32\msjet40.dll
2007-04-10 00:20 831,519 --a------ C:\WINDOWS\system32\mswdat10.dll
2007-04-10 00:20 614,429 --a------ C:\WINDOWS\system32\mswstr10.dll
2007-04-10 00:20 53,279 --a------ C:\WINDOWS\system32\msjter40.dll
2007-04-10 00:20 421,919 --a------ C:\WINDOWS\system32\msrd2x40.dll
2007-04-10 00:20 315,423 --a------ C:\WINDOWS\system32\msrd3x40.dll
2007-04-10 00:20 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-04-10 00:20 213,023 --a------ C:\WINDOWS\system32\msltus40.dll
2007-04-10 00:16 <DIR> d-------- C:\!KillBox
2007-04-10 00:04 <DIR> d-------- C:\Program Files\HJT
2007-04-09 23:45 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2007-04-09 23:45 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-04-09 23:45 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-04-09 23:29 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2007-04-09 23:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-04-09 23:04 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-04-09 23:04 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-04-09 23:04 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-04-09 23:03 <DIR> d-------- C:\WINDOWS\system32\bits
2007-04-09 20:56 69,632 --a------ C:\WINDOWS\system32\asprouni.exe
2007-04-09 20:54 <DIR> d-------- C:\WINDOWS\system32\ASPRO
2007-04-09 12:55 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-09 12:53 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Lavasoft
2007-04-09 12:52 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-09 12:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-09 08:45 <DIR> d-------- C:\WINDOWS\Sun
2007-04-09 07:46 <DIR> dr-hs---- C:\cmdcons
2007-04-09 07:46 <DIR> d-------- C:\WINDOWS\setupupd
2007-04-09 07:46 <DIR> d-------- C:\WINDOWS\setup.pss
2007-04-09 07:43 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-04-09 07:43 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-04-09 07:43 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2007-04-09 07:43 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-04-09 07:38 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-04-09 07:38 <DIR> d-------- C:\Program Files\SymNetDrv
2007-04-09 07:35 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-04-09 07:35 41,240 --a------ C:\WINDOWS\system32\wups.dll
2007-04-09 07:35 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-04-09 07:35 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-04-09 07:35 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-04-09 07:35 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2007-04-09 07:35 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-04-09 07:27 <DIR> d---s---- C:\DOCUME~1\Owner\UserData
2007-04-09 07:21 <DIR> d--hs---- C:\RECYCLER
2007-04-09 07:19 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-04-09 07:19 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-04-09 07:19 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-04-09 07:17 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2007-04-09 07:17 581,120 --a------ C:\WINDOWS\system32\rpcrt4.dll
2007-04-09 07:17 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-04-09 07:17 40,960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-04-09 07:17 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-04-09 07:17 262,144 --a------ C:\DOCUME~1\ALLUSE~1\NTUSER.DAT
2007-04-09 07:17 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-04-09 07:16 204,800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2007-04-09 07:16 200,704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2007-04-09 07:16 20,480 --a------ C:\WINDOWS\system32\IVIresize.dll
2007-04-09 07:16 192,512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2007-04-09 07:16 192,512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2007-04-09 07:16 188,416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2007-04-09 07:16 10,368 --------- C:\WINDOWS\system32\drivers\pfc.sys
2007-04-09 07:13 52,736 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2007-04-09 07:13 24,576 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
2007-04-09 07:13 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\WINDOWS
2007-04-09 07:13 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
2007-04-09 07:13 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
2007-04-09 07:13 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
2007-04-09 07:13 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
2007-04-09 07:11 <DIR> d--hs---- C:\System Volume Information
2007-04-09 05:39 246 --a------ C:\WINDOWS\system\hpsysdrv.dat
2007-04-09 05:37 <DIR> d-------- C:\WINDOWS\I386
2007-04-09 05:30 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-04-09 05:30 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-04-09 05:30 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-10 04:23 -------- d-------- C:\Program Files\java
2007-04-10 03:46 -------- d-------- C:\Program Files\movie maker
2007-04-10 03:44 -------- d-------- C:\Program Files\windows nt
2007-04-10 02:22 -------- d-------- C:\Program Files\messenger
2007-04-10 01:06 -------- d-------- C:\Program Files\norton antivirus
2007-04-10 00:48 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-04-09 21:36 -------- d-------- C:\Program Files\online services
2007-04-09 21:36 -------- d-------- C:\Program Files\msn encarta plus
2007-04-09 21:09 -------- d--h----- C:\Program Files\installshield installation information
2007-04-09 20:51 -------- d-------- C:\DOCUME~1\Owner\APPLIC~1\real
2007-04-09 07:38 -------- d-------- C:\Program Files\symantec
2007-04-09 07:35 -------- d--h----- C:\Program Files\windowsupdate
2007-04-09 07:16 -------- d-------- C:\Program Files\intervideo
2007-03-08 11:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 11:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 09:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"VTTimer"="VTTimer.exe"
"ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"AGRSMMSG"="AGRSMMSG.exe"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"AlcxMonitor"="ALCXMNTR.EXE"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\
Security Packages REG_MULTI_SZ kerberosmsv1_0schannelwdigest\
Notification Packages REG_MULTI_SZ scecli\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
rpcss REG_MULTI_SZ RpcSs\
imgsvc REG_MULTI_SZ StiSvc\
termsvcs REG_MULTI_SZ TermService\
HTTPFilter REG_MULTI_SZ HTTPFilter\
DcomLaunch REG_MULTI_SZ DcomLaunchTermService\



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-11 1:18:56
C:\ComboFix-quarantined-files.txt ... 07-04-11 01:18



HJT

Logfile of HijackThis v1.99.1
Scan saved at 1:37:35 AM, on 4/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HJT\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176181228015
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

Thank you again for your help.
LS CalamityJane
Thanks for the extra logs and info on my questions about other users; they help determine if there might be some malware lurking, and I don't see anything jumping out at me, which is good.

Open HijackThis and do a *system scan only*.

When it finishes, place a checkmark next to these two entries, then press the *fix checked* button:

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

Those are harmless orphaned entries that just need to be cleaned up, which HijackThis can do.

You haven't mentioned any symptoms besides "slowness". I assume you haven't seen any popups? Therefore we may be looking for causes other than malware incidents.

Looking at your running programs (and jurgenv touched on this in your last topic) there were both Norton and Trend-Micro running which would be the first thing I suspect in causing performance issues. You should only have one of those running "realtime" and depending on what versions you have, the new versions do not like any other AV installed at the same time. So you may need to completely uninstall one and leave only one running. Did you uninstall the Trend-Micro?

Are any of the programs you now have installed fairly new (AVG Antispyware?) Did you uninstall SpySweeper? Windows Defender?
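As an added illustration (not part of the thread or of HijackThis itself), the "(no file)" orphans CalamityJane points out can be picked out of a HijackThis log mechanically. The script below parses the O2/O3 lines of a constructed sample modelled on the log above and reports the entries whose registered DLL no longer exists on disk; the regex and the HjtEntry class are my own, not anything HijackThis provides.

```python
import re
from dataclasses import dataclass

# Constructed sample, modelled on the HijackThis v1.99.1 log posted in this thread.
SAMPLE_LOG = r"""O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
"""

# O2 (BHO) and O3 (Toolbar) lines share one shape: "<section> - <kind>: <name> - {CLSID} - <file>".
# This pattern is an assumption about that shape, written for this example.
_CLSID_LINE = re.compile(
    r"^(?P<section>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.+?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$"
)

@dataclass
class HjtEntry:
    section: str   # "O2" or "O3"
    kind: str      # "BHO" or "Toolbar"
    name: str      # display name; "(no name)" when the registration carries none
    clsid: str     # CLSID HijackThis read from the registry
    file: str      # DLL path, or "(no file)" when the registered DLL is absent on disk
    raw: str       # the original log line, as you would tick it in HijackThis

def parse_clsid_entries(log: str) -> list[HjtEntry]:
    """Return the O2/O3 entries of a HijackThis log; other sections are skipped."""
    entries = []
    for line in log.splitlines():
        m = _CLSID_LINE.match(line.strip())
        if m:
            entries.append(HjtEntry(raw=line.strip(), **m.groupdict()))
    return entries

def find_orphaned_entries(log: str) -> list[HjtEntry]:
    """An orphaned entry is a registry registration whose DLL no longer exists.
    HijackThis prints it as "(no file)"; it loads nothing and is safe to fix."""
    return [e for e in parse_clsid_entries(log) if e.file == "(no file)"]

if __name__ == "__main__":
    for e in find_orphaned_entries(SAMPLE_LOG):
        print("fix:", e.raw)
```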
jayandjuls
Actually, what I did was, after we cleared the infection on my computer, I did a system restore (back to the factory settings), and the only two protection programs I reinstalled were Ad-Aware and AVG. I updated the service pack and Java. Besides that, Norton is on there; it came with my computer.
I think in the process of web surfing I clicked on a link and got infected again. I tried to get rid of it myself. I do not think the system is infected anymore, but it is a lot slower.

When I did the HJT and fixed the items, it created a backup folder/files. Should these be left there?

Here is my new log.

Logfile of HijackThis v1.99.1
Scan saved at 11:43:31 AM, on 4/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HJT\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176181228015
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

Thank you
LS CalamityJane
You did a restore from the recovery disk?

I don't see any signs of malware either and if the only symptom you are seeing is the slowness, it may be something operational at this point, especially if you noticed it after the system recovery.

The Norton that came with your computer is likely no longer valid, unless you paid for the subscription after the trial ended.

If not and you are not going to keep it, you need to uninstall it and get something up to date for AV protection. The Ad-Aware and AVG Antispyware programs won't protect against all viruses, worms and trojans. They are primarily for spyware/adware protection.

Your computer manufacturer may be able to offer additional suggestions, depending on the model of your PC.
jayandjuls
Thank you for all your help.
LS CalamityJane
You're welcome.

I'll leave this thread open for a while in case anything else comes up.